DCry ransomware virus. How to remove? (Uninstall guide)

by Linas Kiguolis | Type: Ransomware

The latest facts about DCry ransomware and its decryption


DCry is another virus that refers to the notorious WannaCry[1] ransomware. Fortunately, it does not manifest the capabilities of the former infection, or even similar ones. There have, however, been other such threats, for example FakeCry, which inflict great damage.

The current virus does not launch its own graphical interface. Its HOW_TO_DECRYPT.txt file delivers only scarce information:

Files has been encrypted.
If you want to decrypt, please, write me to e-mail: bbqb@protonmail.com

The message delivered through MsgBox repeats the same information. In addition, the original malware version appends the .dcry file extension to encrypted files, while newer versions of the virus also use the .qwqd extension.

Interestingly, the malware links to Germany. According to its technical specifications, it is detectable as Trojan-Ransom.Win32.Purgen, Ransom_FAKEWCRY.I, or Trojan.GenericKD.5584545.

Luckily, multiple cyber security applications are able to detect this malicious presence. Thus, you will be able to remove DCry virus as well. Reimage or Malwarebytes Anti Malware will speed up the process. 

Update July 14th, 2017. Security experts Michael Gillespie and Francesco Mauroni managed to create a free decryption tool for victims of DCry ransomware. Therefore, do not hesitate and remove the ransomware ASAP. You have a chance to restore your files for free, so do not even consider paying the ransom to cybercriminals. You can find DCryDecryptor's download link below.

NOTE: DCry Decrypter has been updated to restore files encrypted by the latest ransomware version which appends .qwqd extensions and uses qwqd@protonmail.com email address for communication.

WannaCry keeps inspiring wannabe hackers

Although almost two months have passed since the first wave of the former threat, other crooks still use it as material to evoke more fear in victims. Fortunately, such clones are often poorly programmed and much less destructive.

DCry ransomware is one such sample. On the other hand, its developer cunningly creates a diversion: the virus contains references to FakeCry, WannaCry, and even Globe, as some anti-virus programs detect it as Purgen virus, a reference to Globe.

Furthermore, the virus functions via the Cryptor.exe and message.vbs files. The malware connects to hidden onion websites www.indyproject.org/. The latter websites serve as an open source website created by an unknown group of netizens.

It is designed for exchanging ideas on how to transfer an entire system to another computer. Given that DCry may target systems via remote desktop protocols (RDP), the websites turn out to be more than shady.

The malware also connects to one IP address which links to Germany. However, taking into account that the perpetrator uses Tor, it might be only a diversion.
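The file-level indicators this page names (the .dcry and .qwqd extensions, the HOW_TO_DECRYPT.txt note with its two contact addresses, and the Cryptor.exe and message.vbs files) can be swept for read-only to scope an infection before removal or decryption. The following is an added example, not part of the original guide or of any tool it mentions; the function names, report layout and sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators named on this page; function names and report layout are this example's own.
ENCRYPTED_EXTS = {".dcry", ".qwqd"}
NOTE_NAME = "how_to_decrypt.txt"
CONTACTS = ("bbqb@protonmail.com", "qwqd@protonmail.com")
DROPPED_NAMES = {"cryptor.exe", "message.vbs"}

def note_contact(path):
    """Return the known contact address found in a note, or None if absent/unreadable."""
    try:
        with open(path, "rb") as fh:
            # Dropping NUL bytes lets the same match work on UTF-16 notes.
            data = fh.read(4096).replace(b"\x00", b"").lower()
    except OSError:
        return None
    return next((c for c in CONTACTS if c.encode() in data), None)

def sweep(root):
    """Walk root read-only and collect DCry file-level indicators."""
    report = {"encrypted": {}, "notes": [], "dropped": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda e: report["unreadable"].append(e.filename)):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            ext = os.path.splitext(lower)[1]
            if ext in ENCRYPTED_EXTS:
                report["encrypted"].setdefault(ext, []).append(path)
            elif lower == NOTE_NAME:
                report["notes"].append((path, note_contact(path)))
            elif lower in DROPPED_NAMES:
                report["dropped"].append(path)
    return report

def build_sample(root):
    """Constructed sample tree for the demo; not real victim data."""
    docs = os.path.join(root, "Users", "alice", "Documents")
    os.makedirs(docs)
    for name in ("report.docx.dcry", "photo.jpg.qwqd", "budget.xlsx.DCRY", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, "HOW_TO_DECRYPT.txt"), "w") as fh:
        fh.write("If you want to decrypt, please, write me to e-mail: bbqb@protonmail.com\n")
    open(os.path.join(root, "Cryptor.exe"), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(sweep(tmp))
```

A name match on Cryptor.exe or message.vbs is only a lead, since other software can use the same file names; confirm with an anti-malware scan before deleting anything.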

Ransomware prevention principles

Besides RDP, the threat may lurk for Windows OS users on certain corrupted websites. Thus, when they click on a certain link or download an infected website, they might encounter DCry hijack.

The latter method is becoming much more dangerous, as cyber criminals have found a way to foist an infection in a file. To activate it, victims no longer need to click on the file – hovering over it[2] is enough to face the aftermath of crypto-malware.

Thirdly, note that ransomware distribution via spam emails is still viable. Vigilance and cautiousness are not sufficient in countering ransomware. You will need cyber security applications to ward off and counterattack the malware. Now let us move on to the section which presents DCry removal options.

Perform DCry ransomware removal and start file decryption now!

Even though the malware may not be as destructive as its referrer, you should not delay DCry removal. In some cases, rebooting the computer interrupts the data encryption process.

Before you decrypt files, you might check some of our suggested programs at the bottom of the page. Hungarian users should be careful as the virus might target the residents of this country more.[3]


Manual DCry virus Removal Guide:

Remove DCry using Safe Mode with Networking


Make use of Safe Mode function. It grants you partial access to the system, but it bypasses any interruption caused by the virus.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove DCry

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before a full system scan, then remove the malicious files that belong to the ransomware to complete DCry removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove DCry using System Restore


  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of DCry. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it, and make sure that DCry removal was performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove DCry from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by DCry, you can use several methods to restore them:

How useful is Data Recovery Pro?

This utility is said to recover lost and corrupted files. In addition, if you accidentally deleted highly important emails, this utility will help you retrieve them.

The benefits of Shadow Explorer

Since this virus is not a full-fledged copy of WannaCry, it is possible that you may restore files affected by DCry virus with the assistance of this program. It is able to restore files on the basis of shadow volume copies.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk that holds your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

DCry Decryptor

There is a free decryption tool available, so victims who have their files marked with .dcry and .qwqd extensions can now restore them for free. Just download the DCry decryption tool from here and start decrypting your files!

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from DCry and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Linas Kiguolis
Linas Kiguolis - Expert in social media
